Описание
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
Отчет
Whilst the OpenShift Container Platform (OCP) and OpenShift Service Mesh (OSSM) grafana container does include goxmldsig, it is only included as part of the SAML implementation. SAML is only available in the enterprise version of Grafana (https://grafana.com/docs/grafana/latest/auth/saml/). Hence the openshift4/ose-grafana and servicemesh-grafana containers have been marked as wont-fix and may be addressed in a future update.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-grafana | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
This affects all versions of package github.com/russellhaering/goxmlds ...
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures
7.5 High
CVSS3